Presented at GitHub Universe, December 9, 2020.
You’ve set up your infrastructure as code in GitHub Actions to securely test and deploy to production. One year later, you discover the account keys you used for automation have been compromised! In a panic, you scramble around multiple repositories looking for where you used the account keys and throw together a script to rotate them. You start to wonder, “Is there a better way I could have managed my secrets?” In this talk, you’ll learn how to manage secrets in your infrastructure pipeline using HashiCorp Vault and Terraform with GitHub Actions. By using Vault’s dynamic secrets engines, you can rotate, audit, and manage the lifecycle of your infrastructure account keys and API tokens. In addition to managing service account keys for Terraform automation, we’ll cover how Vault can generate secrets such as database passwords for creating infrastructure resources.